This is a discussion on Re: Dynamic groups (was Samba and groups > 16) - Samba ; --Nq2Wo0NMKNjxTN9z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 08, 2005 at 02:03:34PM +0100, Edgar, Bob wrote: > Forgive my naivety but what is wrong with the following: >=20 > try to open/create the file/directory > if EACCESS ...
--Nq2Wo0NMKNjxTN9z
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Mar 08, 2005 at 02:03:34PM +0100, Edgar, Bob wrote:
> Forgive my naivety but what is wrong with the following:
>=20
> try to open/create the file/directory
> if EACCESS {
> foreach group in longlist {
> addgroup to groups list
> try to open/create the file/directory
> if success break
> }
> if failure return EACCESS
> }
Exactly this does not work. See my example in the posting you replied to. T=
he
kernel can *deny* your access based on a group membership. So you have to
replicate the kernel functionality for access controls completely in user
space. For each and every access that is access control sensitive.
Volker
--Nq2Wo0NMKNjxTN9z
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCLa4uP/hMgvhmbo4RAkV6AJ0RLSYilvQTEMKI4y5wdXu7xgtsbACeLjrH
hU1KwzCQRatjdFjqF/7dG7s=
=/rRJ
-----END PGP SIGNATURE-----
--Nq2Wo0NMKNjxTN9z--
